Island Health investigates privacy breach of 198 individuals

Two Island Health employees were dismissed after an internal investigation revealed they breached the privacy of 198 individuals receiving services through Island Health.

According to Kellie Hudson, an Island Health spokesperson, the two employees used their access privileges to view the records of patients with whom they “had no care or service relationship.”

The investigation began after a routine audit was run of employee access to the Electronic Health Record.

While privacy legislation prevents Island Health from discussing the specifics of personnel matters, Hudson confirmed the two individuals no longer work for Island Health.

“It is unacceptable that any employee uses his or her access privileges to view patients’ records,” she said. “Such actions are contradictory to our organizational values and policies.”

Island Health is in the process of notifying those impacted by the breach, though it didn’t provide specifics.

A “breach” is considered when patient info is accessed by an unauthorized source, compromising the person’s privacy. This includes unauthorized reading of a patient’s chart and accessing information on yourself, children, family, friends or co-workers.

This isn’t the first privacy breach at Island Health, however.

In November 2014, two employees accessed the electronic health records of 112 individuals in order to “satisfy their curiosity” about patients. Both were caught and let go after the fact, following a month-long internal investigation.

Island Health maintains that its staff is “well-oriented” to the importance of maintaining the confidentiality of sensitive information and the consequences of violating policy.

“Unauthorized access to patient files is a breach of our code of conduct, is a violation of privacy and will not be tolerated,” Hudson said. “We are assessing our practices now to mitigate any future violations.”